10 Password Security Faux Pas You’re Probably Making

It’s time to learn a few tricks that will enhance your password security, keep your data safe, and, with all powers combined, render it next to untouchable!

Let’s think logically: would you rather secure your home with one flimsy lock, or with a system of deadbolts, padlocks and alarms for reinforcement? Strong password security is the sole gate that prevents a hacker from breaking into a personal email, bank, or social media account. Long gone are the days when “ref123” would cut it, and with the password-cracking technology out there today, it is imperative that you avoid the common password security faux pas.

It is now easier than ever before for hackers and tech-savvy teens to get their hands on password-cracking programs, most of which — like Hashcat — are available for free to download online.

When you create an account on a website, your login information is stored in the company’s database, with the password kept as a “cryptographic hash,” a string of letters and numbers. A hash looks like a meaningless jumble and is not meant to be converted back into the password. Password-cracking programs let hackers run stolen hashes through a guessing algorithm that hashes candidate passwords until one matches, at which point they are presented with the plain-text password, allowing them entrance into your account. There are also programs that use brute force to gain access to an account.
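To make the storage step concrete, here is an added example (not code from this article or from any site it mentions) of how a service can store and check a password hash: login re-hashes the attempt with the stored salt and compares, and the same comparison lets a defender test whether a stored record matches a well-known password. The function names, the PBKDF2 iteration count and the guess list (the weak passwords named later in this article) are assumptions for illustration.

```python
import hashlib
import hmac
import os

# Constructed guess list: the weak passwords this article names further down.
COMMON_GUESSES = ("password", "12345678", "abcdefgh")
ITERATIONS = 100_000  # demo value (assumption); tune upward in production

def derive(password: str, salt: bytes) -> bytes:
    """One-way derivation: there is no function that maps the output back."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def register(password: str) -> dict:
    """What the site stores: a random per-user salt and the derived hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": derive(password, salt)}

def verify(record: dict, attempt: str) -> bool:
    """Login re-hashes the attempt and compares in constant time."""
    return hmac.compare_digest(derive(attempt, record["salt"]), record["hash"])

def matches_common_password(record: dict, guesses=COMMON_GUESSES) -> bool:
    """Audit check: does the stored record match any well-known password?"""
    return any(verify(record, guess) for guess in guesses)

if __name__ == "__main__":
    strong = register("KMP5_5FH!")   # the acronym example from this article
    weak = register("12345678")
    print(verify(strong, "KMP5_5FH!"), matches_common_password(strong))
    print(matches_common_password(weak))
```

Because every record gets its own random salt, two users who pick the same password end up with different stored hashes.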

However, there are many ways to dupe these programs, so here are some tips to keep your password from being cracked:

1) You’re not using a password manager.

We understand it can be difficult to keep track of numerous passwords for different accounts, so we suggest using a password manager like 1Password, Dashlane, or LastPass. LastPass also allows users to secure it with its own password! This is a much safer alternative to keeping your passwords in an unsecured plain-text document or written on a sticky note attached to your desk in plain sight.

2) You’re reusing some of the same passwords.

If you end up being the unfortunate target of a hacker, it is much easier for them to invade multiple accounts if you use the same password for each one. Password-cracking programs are designed to find similarities between passwords, and reusing the same one makes it much easier and quicker to crack, leaving all of your accounts vulnerable to attack.

3) You use a combination of names, places, and dates for easy-to-remember passwords.

Many people create passwords using information that is easily accessible on their social media accounts, such as anniversary dates, birth dates, favorite places, or a pet’s name. Since this information is easy to sleuth, it should be avoided at all costs during password creation.

4) Your password security is too predictable.

A great way to elude hackers is to create a unique phrase that you can shorten into an acronym using the first letter of each word in the phrase. It also helps to replace a letter with its visual number counterpart (such as 1 for i, or 3 for e) and add symbols. For example, the phrase “Keep my password safe and secure from hackers!” would translate to “KMP5_5FH!” Because this translation has no meaning and is just a jumble of letters and numbers, it is harder to crack.

5) You’ve shared a password with a friend.

While it should be common sense to avoid the practice, it is surprising how open most people are about sharing their passwords with friends and family. The more people who know your password, the higher your risk of an accidental slip that could lead to your account being hacked.

Do not, we repeat, DO NOT use passwords such as “password,” “12345678,” or “abcdefgh.” Using such simple passwords just sets you up to fail, and their convenience is not worth the headache that will come from being hacked.

On the mobile side of things, research from a Norwegian University of Science and Technology graduate shows that nearly 75% of users start their lockscreen passcode pattern from the top left corner. These “easy” passwords are not only easy for you to remember, but they are easy for hackers to crack; it would only take a few seconds to expose these passwords.

Every so often, most secure websites will prompt you to update your password security settings. While some of these websites allow you to use the same password more than once, you should always change your password to something completely new. Most brute-force password programs work off similarities with your other and previous passwords, making it an uncomplicated feat to crack a password that you use over and over again.

8) You still ignore multi-factor authentication.

Multi-factor authentication (MFA) adds an extra layer of password security by requiring another method of authentication on top of your strong password, so we always recommend its use when it is offered. MFA combines two or more independent credentials, such as something the user knows (password) and something the user physically has (cell phone).

9) You create passwords based on the order of password requirements.

When there are specifications on length and characters used in a password, please do not make the mistake of using them in the order they are listed. Most websites will suggest using uppercase and lowercase letters, numbers, maybe even a special character, and that’s usually the order in which people use them. Stop that habit right now and mix it up! Avoid beginning a password with an uppercase letter — or any letter for that matter — and don’t always place digits adjacent to each other, for this makes your password predictable for hacking programs.
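The habits described in this tip can be checked mechanically. The added example below (not part of the original article) flags passwords that follow the upper, lower, digit, symbol order, start with a letter, or keep all digits together, along with the common passwords and personal details warned about earlier; the function names, finding labels and sample passwords are constructed for illustration.

```python
import re

# Weak passwords and the requirement order come from this article;
# the finding labels and sample inputs are constructed assumptions.
COMMON = {"password", "12345678", "abcdefgh"}
REQUIREMENT_ORDER = "ULDS"  # Upper, Lower, Digit, Symbol

def char_class(ch: str) -> str:
    if ch.isupper():
        return "U"
    if ch.islower():
        return "L"
    if ch.isdigit():
        return "D"
    return "S"

def shape(pw: str) -> str:
    """Collapse runs of one class: 'Summer2019!' -> 'ULDS'."""
    classes = "".join(char_class(c) for c in pw)
    return re.sub(r"(.)\1+", r"\1", classes)

def audit(pw: str, personal_terms=()) -> list:
    """Return the predictable habits found in pw (empty list = none found)."""
    findings = []
    lowered = pw.lower()
    if lowered in COMMON:
        findings.append("common-password")
    if any(t and t.lower() in lowered for t in personal_terms):
        findings.append("personal-info")
    s = shape(pw)
    order = [REQUIREMENT_ORDER.index(c) for c in s]
    # Classes appear once each, in the same order the site listed them.
    if len(order) > 1 and order == sorted(set(order)):
        findings.append("requirement-order")
    if pw[:1].isalpha():
        findings.append("starts-with-letter")
    # More than one digit, but all of them sit in a single block.
    if sum(c.isdigit() for c in pw) > 1 and s.count("D") == 1:
        findings.append("digits-adjacent")
    return findings

if __name__ == "__main__":
    for sample in ("Summer2019!", "12345678", "7q!Vd2#x"):  # constructed samples
        print(sample, audit(sample))
```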

10) You’re picking the easiest security questions and answers.

Do not answer a password security question poorly; otherwise, your strong password will be useless. While it is easy to recall your favorite color or pet’s name, it is also very easy for hackers to make a guess or comb through your personal social media pages. Answer questions that only you know the answer to, and that would be next to impossible for anyone to find out.